diff options
author | Andrew Bartlett <abartlet@samba.org> | 2005-08-02 06:36:42 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:00:19 -0500 |
commit | a3947eaa4eb32c40e983993d17178bb9d9b5f151 (patch) | |
tree | f9f26ab106a2de682b842e1a369e21fad889af0b /source3/smbd | |
parent | fefbaf2bca42569f6a3cc8b68578200159409ec9 (diff) | |
download | samba-a3947eaa4eb32c40e983993d17178bb9d9b5f151.tar.gz samba-a3947eaa4eb32c40e983993d17178bb9d9b5f151.tar.bz2 samba-a3947eaa4eb32c40e983993d17178bb9d9b5f151.zip |
r8912: Samba 3.0 was failing from a Vista client, because it was using 'raw'
NTLMSSP (not wrapped in SPNEGO). We really should have supported this
anyway, but we got away with it for a while...
Andrew Bartlett
(This used to be commit 78f0640a4b4af8b40c0af251fd06edd97feaf1be)
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/sesssetup.c | 45 |
1 files changed, 39 insertions, 6 deletions
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 8586ac1324..6a414acc4c 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -353,7 +353,8 @@ static int reply_spnego_kerberos(connection_struct *conn, static BOOL reply_spnego_ntlmssp(connection_struct *conn, char *inbuf, char *outbuf, uint16 vuid, AUTH_NTLMSSP_STATE **auth_ntlmssp_state, - DATA_BLOB *ntlmssp_blob, NTSTATUS nt_status) + DATA_BLOB *ntlmssp_blob, NTSTATUS nt_status, + BOOL wrap) { BOOL ret; DATA_BLOB response; @@ -406,9 +407,16 @@ static BOOL reply_spnego_ntlmssp(connection_struct *conn, char *inbuf, char *out } } - response = spnego_gen_auth_response(ntlmssp_blob, nt_status, OID_NTLMSSP); + if (wrap) { + response = spnego_gen_auth_response(ntlmssp_blob, nt_status, OID_NTLMSSP); + } else { + response = *ntlmssp_blob; + } + ret = reply_sesssetup_blob(conn, outbuf, response, nt_status); - data_blob_free(&response); + if (wrap) { + data_blob_free(&response); + } /* NT_STATUS_MORE_PROCESSING_REQUIRED from our NTLMSSP code tells us, and the other end, that we are not finished yet. */ @@ -504,8 +512,8 @@ static int reply_spnego_negotiate(connection_struct *conn, data_blob_free(&secblob); reply_spnego_ntlmssp(conn, inbuf, outbuf, vuid, auth_ntlmssp_state, - &chal, nt_status); - + &chal, nt_status, True); + data_blob_free(&chal); /* already replied */ @@ -550,7 +558,7 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf, reply_spnego_ntlmssp(conn, inbuf, outbuf, vuid, auth_ntlmssp_state, - &auth_reply, nt_status); + &auth_reply, nt_status, True); data_blob_free(&auth_reply); @@ -652,6 +660,31 @@ static int reply_sesssetup_and_X_spnego(connection_struct *conn, char *inbuf, return ret; } + if (strncmp(blob1.data, "NTLMSSP", 7) == 0) { + DATA_BLOB chal; + NTSTATUS nt_status; + if (!vuser->auth_ntlmssp_state) { + nt_status = auth_ntlmssp_start(&vuser->auth_ntlmssp_state); + if (!NT_STATUS_IS_OK(nt_status)) { + /* Kill the intermediate vuid */ + invalidate_vuid(vuid); + + return ERROR_NT(nt_status); + } + } + + nt_status = auth_ntlmssp_update(vuser->auth_ntlmssp_state, + blob1, &chal); + + data_blob_free(&blob1); + + reply_spnego_ntlmssp(conn, inbuf, outbuf, vuid, + &vuser->auth_ntlmssp_state, + &chal, nt_status, False); + data_blob_free(&blob1); + return -1; + } + /* what sort of packet is this? */ DEBUG(1,("Unknown packet in reply_sesssetup_and_X_spnego\n")); |